ASA 5505 8.4 Port Redirection

I'm having some issues with port redirection on an ASA 5505 running post 8.4 software.  I have an internal webserver listening on TCP port 8040.  To make it easier on users I want them to use port 80 externally and I will redirect the inbound requests to port 8040. I also use port 8041, but it remains the same internally and externally.

In my 8.2 config this worked great.  This WAS my config:

access-list INBOUND_ACL extended permit tcp any interface outside eq www
access-list INBOUND_ACL extended permit tcp any interface outside eq 8041

static (inside,outside) tcp interface www 172.16.11.102 8040 netmask 255.255.255.255
static (inside,outside) tcp interface 8041 172.16.11.102 8041 netmask 255.255.255.255


In my 9.2 config, I am having some issues.  This is what my config looks like now and it is not working.  


object service WWW
 service tcp source eq www
 
object service PORT_8040
 service tcp source eq 8040
 
object service PORT_8041
 service tcp source eq 8041

object network WEBSERVER
 host 172.16.11.102
 

access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq www
access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq 8041
 
nat (inside,outside) source static WEBSERVER interface service WWW PORT_8040
nat (inside,outside) source static WEBSERVER interface service PORT_8041 PORT_8041
jplagens Asked:

Pete Long (Technical Consultant) Commented:
object network Internal_Web_Server-WWW
 host 172.16.11.102
 nat (inside,outside) static interface service tcp www www
object network Internal_Web_Server-8041
 host 172.16.11.102
 nat (inside,outside) static interface service tcp 8041 8041
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-WWW eq www
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-8041 eq 8041

Should do you

Pete
jplagens (Author) Commented:
That didn't seem to work.  That config appears to be translating port 80 on the outside and inside.  I need to source port 80 from the outside and redirect to destination port 8040 on the inside.

I also tried this and it didn't work:

object network Internal_Web_Server-WWW
 host 172.16.11.102
 nat (inside,outside) static interface service tcp www 8040
jplagens (Author) Commented:
I finally got this working. I read many articles and tried even more combinations. Somehow it started working. I cleared out all of the previous attempts and then added this:

object network WEBSERVER
 host 172.16.11.102

object service WWW
 service tcp source eq www

object service PORT_8040
 service tcp source eq 8040

access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq www
access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq 8040
nat (inside,outside) source static WEBSERVER interface service PORT_8040 WWW

Then I cleared all of the nat translations:
clear xlate

Finally I reapplied the ACL:
access-group INBOUND_ACL in interface outside

I tested and it worked.
jplagens (Author) Commented:
Problem resolved by poster.
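
Added example (not part of the original thread, and not the posters' code): a small Python audit that reads the twice-NAT form used above and reports, per rule, which outside port reaches which inside port and whether the ACL permits it. It relies on two ASA 8.3+ rules: the `service` pair in a twice-NAT line is ordered real then mapped, and interface ACLs match the real (untranslated) address and port. The function names and the FAILED/WORKING strings, abridged from the configs in this thread, are this example's own.

```python
import re

PORTS = {"www": 80}  # ASA port keyword -> number (only the one used here)
OBJECTS = """object service WWW
 service tcp source eq www
object service PORT_8040
 service tcp source eq 8040
object network WEBSERVER
 host 172.16.11.102
"""
# Abridged from the thread: the 9.2 attempt that failed, then the working one.
FAILED = OBJECTS + """access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq www
nat (inside,outside) source static WEBSERVER interface service WWW PORT_8040
"""
WORKING = OBJECTS + """access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq www
access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq 8040
nat (inside,outside) source static WEBSERVER interface service PORT_8040 WWW
"""

def port(tok):
    return PORTS.get(tok) or int(tok)

def exposure(config):
    """Return [(outside_port, inside_ip, inside_port, acl_permits)] per NAT rule."""
    svc, host, nats, permits, cur = {}, {}, [], set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"object (?:service|network) (\S+)", line):
            cur = m.group(1)
        elif m := re.match(r"service tcp source eq (\S+)", line):
            svc[cur] = port(m.group(1))
        elif m := re.match(r"host (\S+)", line):
            host[cur] = m.group(1)
        elif m := re.match(r"access-list \S+ extended permit tcp any host (\S+) eq (\S+)", line):
            permits.add((m.group(1), port(m.group(2))))
        elif m := re.match(r"nat \(inside,outside\) source static (\S+) interface service (\S+) (\S+)", line):
            nats.append(m.groups())
    rows = []
    for obj, real_svc, mapped_svc in nats:  # service pair is real, then mapped
        ip, real, mapped = host[obj], svc[real_svc], svc[mapped_svc]
        # 8.3+ ACLs are checked against the real (untranslated) IP and port
        rows.append((mapped, ip, real, (ip, real) in permits))
    return rows

if __name__ == "__main__":
    for name, cfg in (("failed", FAILED), ("working", WORKING)):
        for out_port, ip, in_port, ok in exposure(cfg):
            print(f"{name}: outside:{out_port} -> {ip}:{in_port} acl_permits={ok}")
```

Run against the failed attempt, it reports outside port 8040 mapped to inside port 80, the reverse of the intended redirect. The working config reports outside port 80 mapped to inside port 8040, with the ACL permitting the real port.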